[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Network issues with SuSE firewall

  • To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
  • From: "Gregory Newby" <newby@xxxxxxxx>
  • Date: Mon, 10 Nov 2003 14:09:31 -0900
  • Delivery-date: Mon, 10 Nov 2003 23:10:16 +0000
  • List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

On Sat, Nov 08, 2003 at 08:48:59AM +0000, Keir Fraser wrote:
> > > > Have you been using xen_read_console?  You should be able to
> > > > watch the other domain booting, and check that it comes up OK.

> > > I run it (in the background) but never see anything.  Even
> > > when I reboot, I don't get shutdown messages (they don't
> > > appear on the physical console).
> > 
> > Very odd. Any chance you can get a serial line on the system?
> > The other domain's boot messages should also come out on serial.

They do.  But the system unit is in another room, so it's
not too convenient to get these messages.  I'd be happiest
for them to go to a file!

> It sounds to me like a misconfigured domain 0 firewall. Can you send
> the output from 'iptables -L -v' and 'iptables -tnat -L -v' ?
> If you do that just before and just after booting a new domain then
> that may allow us to see which rule is dropping the console UDP packets.

I'm finally picking this up again - sorry for not getting
right to it.  The problem we're trying to solve is that console
messages are going to the serial port, but not the
physical console or to the shell via xen_read_console.

I experiemented a lot, and this message was 1000 lines longer
with output from iptables etc.  Bottom line is this now works,
though I'm not 100% certain I can replicate all the differences.

1) Reconfigure the default firewall rules to block nothing and
accept everything;
2) Reboot

There is still a very desirable feature: I'd *really* like
xenconsole messages from all domains to go to a file.

The basic setup I have for virtual domains required:
1) ln -s /dev/hdc /dev/cdrom_link   (or modify /etc/xen-mynewdom)
2) leave the CD-ROM in the drawer, but don't boot from it
3) boot to Xen (my new images, discussed earlier)
3a) run "xen_read_console &" as root, to see boot messages  
4) start new domains with xenctl

Steps 1 and 2 are not clear from the 1.0 README.CD.

I now have virtual domains booted and can access them.  I will send
another note describing what I'd like to do to get these living on the
real (non-ram) file system with NFS and shared /usr etc., but will
experiment more first.

  -- Greg

This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.